CVE-2015-7649 allowed attackers full control over PCs

Oct 28, 2015 13:16 GMT

With the release of Shockwave Player version 12.2.1.171, Adobe has just patched a critical issue in its software that would have allowed attackers to gain complete control of targeted computers.

The bug (CVE-2015-7649) affects both Mac and Windows users, and according to Adobe's engineers, it would have enabled attackers to compromise computers remotely and execute code on them, gaining full control of the operating system.

The issue was assigned the highest priority rating from Adobe (priority 1), and a severity level of "Critical," which means that attackers would have been able to use this exploit without users ever being aware.

The bug's critical severity has also forced Adobe to break its usual patch release protocol, under which the company announces all upcoming patches in advance. If you’ve kept an eye on Adobe's security bulletin, this recent update has come out of nowhere.

Currently, Adobe Shockwave Player has a market share of 41%, compared to Flash's ~90%. The product is almost the same as the classic Flash Player, only it features an older, usually more stable version of the Flash runtime.

CVE-2015-7649 seems to be an issue only with Shockwave, and Flash players are to be considered safe from this vulnerability.

Fortinet’s Fortiguard Labs is the security firm that discovered and disclosed this bug to Adobe.

Download Adobe Shockwave Player 12.2.1.171 as soon as possible to make sure that all bugs on your computer are fixed.